Loading market data...

CVE Feed

Latest vulnerabilities from the National Vulnerability Database.

21960
Total
1564
Critical
6679
High
7025
Medium
CVE ID Severity Score Description Published
CVE-2026-47223 MEDIUM 5.4 NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the … Jun 12, 2026
CVE-2026-47216 UNKNOWN Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is an unauthenticated denial-of-service vulnerability in the /multi_search endpoint. A specially … Jun 12, 2026
CVE-2026-44173 MEDIUM 5.0 MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 … Jun 12, 2026
CVE-2026-44172 UNKNOWN MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it … Jun 12, 2026
CVE-2026-44171 MEDIUM 6.3 MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 … Jun 12, 2026
CVE-2026-44170 UNKNOWN MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 … Jun 12, 2026
CVE-2026-44169 MEDIUM 4.3 MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting … Jun 12, 2026
CVE-2026-44168 HIGH 8.0 MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 … Jun 12, 2026
CVE-2026-7387 HIGH 8.8 Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Mattermost fails to require role-management authorization when setting the scheme_admin flag … Jun 12, 2026
CVE-2026-7184 MEDIUM 6.5 Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15 fail to sanitize the Remote Cluster API response on PATCH operations, which allows authenticated … Jun 12, 2026
CVE-2026-6961 HIGH 7.6 Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Mattermost fails to sanitize FileInfo.Name received from federated peers during shared … Jun 12, 2026
CVE-2026-6739 MEDIUM 6.7 Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to require system-level permission when patching protected default system roles, … Jun 12, 2026
CVE-2026-6689 MEDIUM 4.3 Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 Fail to enforce PermissionInviteUser when setting AllowOpenInvite or AllowedDomains during team … Jun 12, 2026
CVE-2026-6046 MEDIUM 5.3 Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to validate that a username returned during bot registration belongs … Jun 12, 2026
CVE-2026-53982 MEDIUM 6.5 Cap-go Console < 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering … Jun 12, 2026
CVE-2026-53981 HIGH 7.6 Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change … Jun 12, 2026
CVE-2026-47224 MEDIUM 4.3 NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap buffer-overflow read exists in the … Jun 12, 2026
CVE-2026-47222 MEDIUM 5.4 NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bounds read exists in the … Jun 12, 2026
CVE-2026-3840 HIGH 7.1 A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The `_get_versioned_path()` method in `kedro/io/core.py` directly … Jun 12, 2026
CVE-2026-3433 MEDIUM 4.3 Mattermost versions 11.6.x <= 11.6.1, 11.5.x <= 11.5.4, 10.11.x <= 10.11.15, 10.11.x <= 10.11.16 fail to restrict role_updated websocket event broadcasts to members of the … Jun 12, 2026
CVE-2026-9641 MEDIUM 5.3 Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which should only be used … Jun 12, 2026
CVE-2026-9638 HIGH 7.5 Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for … Jun 12, 2026
CVE-2026-8828 UNKNOWN A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or … Jun 12, 2026
CVE-2026-5792 MEDIUM 6.5 Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing Cloud (RMC) allows Brute Force. This issue affects Related Marketing … Jun 12, 2026
CVE-2026-53568 UNKNOWN Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, there is a stored XSS vulnerablity in Frappe Report/List View. This issue … Jun 12, 2026